Further Insight into Security Advisory 979352 and the Threat Landscape

We wanted to provide you with some insight into the vulnerability reported in Microsoft Security Advisory 979352, which is related to our ongoing investigation into the recently publicized attacks against Google and other large corporate networks. We understand that there is a lot of noise about this topic right now and we know that our customers are receiving a lot of information about this situation from a variety of sources, so we want to provide some additional insight.

First, we will provide an update on the threat landscape – there has been a lot of speculation, so we’ll share detailed information on what Microsoft is seeing in terms of attacks across all of our monitoring systems. Second, we’ll highlight what customers should do to protect themselves. Finally, I will provide an update on the continuing work at Microsoft to respond to this situation and help protect our customers.

In terms of the threat landscape, we are seeing only a very limited number of targeted attacks against a small subset of corporations. The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time. This is likely due to improved security protections provided by newer versions of Internet Explorer and Windows as described in our recent Security Research and Defense Blog. In summary, we are not seeing any widespread attacks by any means, and thus far we are not seeing attacks focused on consumers.

That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves. That is why we continue to recommend that customers using IE6 or IE7 upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should, as soon as possible, either upgrade to IE8 and enable Data Execution Prevention (DEP), or upgrade to Windows XP SP3, which enables DEP by default. Additionally, customers should consider implementing the workarounds and mitigations provided in the Security Advisory.